Bugtraq
- QEMU code_gen_buffer overflow POC,
TeLeMan
- 27Mhz based wireless security insecurities - Aka - "We know what you typed last summer",
Max Moser
- rPSA-2007-0254-1 idle python,
rPath Update Announcements
- PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method,
research
- PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script,
research
- PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script,
research
- SCARE metrics and tool release,
Pete Herzog
- [ MDKSA-2007:224-3 ] - Updated samba packages fix regressions,
security
- DOS in Realplayer 11 ActiveX on Win Vista and Win XP SP2,
thesinoda
- [USN-549-1] PHP vulnerabilities,
Kees Cook
- AST-2007-026 - SQL Injection issue in cdr_pgsql,
Asterisk Security Team
- AST-2007-025 - SQL Injection issue in res_config_pgsql,
Asterisk Security Team
- ERRATA: [ GLSA 200711-20 ] Pioneers: Multiple Denials of Service,
Pierre-Yves Rofes
- Digital Armaments November-December Hacking Challenge: Diffuse Client Application (10.000$ extra),
info
- FreeBSD Security Advisory FreeBSD-SA-07:09.random,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-07:10.gtar,
FreeBSD Security Advisories
- IRM025: TIBCO Rendezvous RVD Daemon Remote Memory Leak DoS,
IRM Research
- APC Management Vulnerability,
garys
- [SECURITY] [DSA 1409-3] New samba packages fix several vulnerabilities,
Steve Kemp
- [security bulletin] HPSBUX02292 SSRT071499 rev.1 - HP-UX Running Apache, Remote Execution of Arbitrary Code,
security-alert
- [security bulletin] HPSBMA02283 SSRT071319 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Cross Site Scripting (XSS),
security-alert
- [USN-548-1] Pidgin vulnerability,
Kees Cook
- rPSA-2007-0252-1 cups poppler tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi,
rPath Update Announcements
- [ MDKSA-2007:233 ] - Updated cpio package fixes buffer overflow and directory traversal vulnerabilities,
security
- Some Data of POC2007,
poc2007
- [ MDKSA-2007:232 ] - Updated kernel packages fix multiple vulnerabilities and bugs,
security
- SYM07-029 Symantec BEWS Multiple DoS in Job Engine,
Secure
- Gekko <=0.8.2 (temp directory) Path Disclosure,
sys-project
- Secunia Research: Symantec Backup Exec Job Engine Denial of Service,
Secunia Research
- Microsoft FTP Client Multiple Bufferoverflow Vulnerability,
Rajesh Sethumadhavan
- Win2K3 Priv Escalation,
justin
- [SECURITY] [DSA 1415-1] New tk8.4 packages fix arbitrary code execution,
Moritz Muehlenhoff
- [SECURITY] [DSA 1416-1] New tk8.3 packages fix arbitrary code execution,
Moritz Muehlenhoff
- PHPSlideShow XSS Update,
morin . josh
- Liferay Enterprise Portal multiple XSS,
morin . josh
- PHPkit 1.6.1 (include.php?path=) Remote File Inclusion,
sys-project
- Eurologon CMS Multiple SQL Injection,
kingoftheworld92
- CORE-2007-0821: Lotus Notes buffer overflow in the Lotus WorkSheet file processor,
Core Security Technologies Advisories
- Eurologon CMS Db credentials disclosure / files download,
kingoftheworld92
- [SECURITY] [DSA 1414-1] New wireshark packages fix several vulnerabilities,
Moritz Muehlenhoff
- National Computer and Information Security Conferences ACIS 2008 - COLOMBIA,
Jeimy Cano
- Announce: RFIDIOt release RFIDIOt-0.1r, November 2007,
Adam Laurie
- Ruby/Gnome2 0.16.0 Format String Vulnerability,
chris . rohlf
- [USN-547-1] PCRE vulnerabilities,
Kees Cook
- [security bulletin] HPSBUX02251 SSRT071449 rev.3 - HP-UX Running BIND, Remote DNS Cache Poisoning,
security-alert
- OWASP Israel Conference 2007, Dec 3rd 2007,
Ofer Shezaf
- [USN-546-1] Firefox vulnerabilities,
Kees Cook
- Creating Backdoors in Cisco IOS using Tcl,
IRM Research
- [USN-545-1] link-grammar vulnerability,
Kees Cook
- CONFidence 2008 CfP,
andrzej . targosz
- FIGIS (FILogin.do) Bypass SQL Injection Vulnerability,
sys-project
- ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability,
zdi-disclosures
- JLMForo System (modificarPerfil.php) Cross-Site Scripting Vulnerability,
sys-project
- Directory Traversal in SafeNet Sentinel Protection Server and Keys Server,
Elliot Kendall
- PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure,
kingoftheworld92
- SimpleGallery v0.1.3 (index.php) Cross-Site Scripting Vulnerability,
sys-project
- Tilde CMS <= v. 4.x "aarstal" parameter of "yeardetail" SQL Injection,
kingoftheworld92
- DeluxeBB E-Mail Address Change Security Bypass,
bugtraq
- 2007-06 Sentinel Protection Server Directory Traversal,
VulnerabilityResearch
- [SECURITY] [DSA 1413-1] New mysql packages fix multiple vulnerabilities,
Noah Meyerhans
- [ GLSA 200711-34 ] CSTeX: Multiple vulnerabilities,
Pierre-Yves Rofes
- [ GLSA 200711-33 ] nss_ldap: Information disclosure,
Pierre-Yves Rofes
- FMDeluxe (index.php) Cross-Site Scripting Vulnerability,
sys-project
- Citrix NetScaler Web Management Cookie Weakness,
nnposter
- Calendar Proverbs <=1.1 (caladmin.php) Remote SQL Injection,
sys-project
- Skype DoS,
mail
- PHPSlideShow (toonchapter8.php) Cross-Site Scripting Vulnerability,
sys-project
- two bytehoard 2.1 bugs,
Ernesto Alvarez
- PHP 5.2.4 mail.force_extra_parameters unsecure,
cxib
- GWExtranet Script Injections & Privilege Escalation Vulnerability,
DoZ
- [SECURITY] [DSA 1412-1] New ruby1.9 packages fix insecure SSL certificate validation,
Moritz Muehlenhoff
- HPSBST02291 SSRT071498 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-061 and MS07-062,
security-alert
- [SECURITY] [DSA 1409-2] New samba packages fix several vulnerabilities,
Steve Kemp
- [SECURITY] [DSA 1411-1] New libopenssl-ruby packages fix insecure SSL certificate validation,
Moritz Muehlenhoff
- Aria-Security.Net: Gouae DWD Realty SQL Injection,
noreply
- [SECURITY] [DSA 1410-1] New ruby1.8 packages fix insecure SSL certificate validation,
Moritz Muehlenhoff
- NetAuctionHelp Classified Ads v1.0 SQL Injection,
no-reply
- vBTube v1.1 - Beta ( Vbulletin Tube) Xss Vulnerable,
cybermilitan
- Amber Script 1.0 (show_content.php id) Local File Inclusion Vulnerability,
cybermilitan
- [ISecAuditors Security Advisories] Cygwin buffer overflow due incorrect filename length check,
ISecAuditors Security Advisories
- PBLang <= 4.99.17.q Remote File Rewriting / Remote Command Execution,
kingoftheworld92
- Aria-Security.net: CoolShot E-Lite POS 1.0,
no-reply
- Bitcomet Resource Browser v1.1 XSS,
jplopezy
- [ MDKSA-2007:224-2 ] - Updated samba packages fix vulnerabilities,
security
- Mp3 ToolBox 1.0 beta 5 Remote File İnclude Vulnerability,
cybermilitan
- [0day Remote Command Execution] VigileCMS <= 1.8 Stealth,
wegotyourbox
- Aria-Security.net: Irola My-Time v3.5 SQL Injection,
no-reply
- Using CSRF to Attack Mobile Phones,
avivra
- [SECURITY] [DSA 1409-1] New samba packages fix several vulnerabilities,
Steve Kemp
- Gadu-Gadu Local/Remote Buffer Overflow vulnerability,
j00ru . vx
- [ MDKSA-2007:231 ] - Updated cacti packages fix SQL injection vulnerability,
security
- VigileCMS <= 1.8 Stealth Remote Command Execution Exploit,
bugtraq
- MySpace Scripts - Poll Creator JavaScript Injection Vulnerability,
DoZ
- Re: Simple Machines Forum multiple sql injection flaws with exploit code.,
root
- MyBlog (MyCMS) Remote PHP Code execution / PHP Code injection ..,
security
- [Argeniss] Data0: Next generation malware for stealing databases (Paper),
Cesar
- Remote Shell Command Execution in "KB-Bestellsystem" (amensa-soft.de),
zero-x
- GetBlog local File inclusion ..,
security
- [ECHO_ADV_85$2007] alstrasoft E-Friends <= 4.98 (seid) Multiple Remote SQL Injection Vulnerabilities,
erdc
- Aria-Security.net: NetAuctionHelp SQL Injection,
no-reply
- Wheatblog (wB) Remote File inclusion ..,
security
- [ MDKSA-2007:224-1 ] - Updated samba packages fix vulnerabilities,
security
- SkyPortal vRC6 Multiple Remote Vulnerabilities,
bugtraq
- Ucms <= 1.8 Backdoor Remote Command Execution Exploit,
bugtraq
- TalkBack 2.2.7 Multiple Remote File Inclusion Vulnerabilities,
bugtraq
- [SECURITY] [DSA 1408-1] New kdegraphics packages fix arbitrary code execution,
Moritz Muehlenhoff
- GWextranet Multiple Vulnerabilites,
Joseph . giron13
- E-vanced Solutions Multiple Vulnerabilites,
Joseph . giron13
- Aria-Security.Net: VU Mailer (Mass Mail) "Password" SQL Injection,
no-reply
- rPSA-2007-0245-2 kernel,
rPath Update Announcements
- rPSA-2007-0245-1 kernel,
rPath Update Announcements
- [ MDKSA-2007:230 ] - Updated tetex packages fix vulnerabilities,
security
- Re: [Full-disclosure] Warning: Hackers hijacking unused IP Addresses inside Trusted domains [POC],
Paul Schmehl
- rPSA-2007-0243-1 flac,
rPath Update Announcements
- [Aria-Security.Net] VU Case Manager "Username/Password" SQL Injection,
no-reply
- [ MDKSA-2007:229 ] - Updated phpMyAdmin packages fix multiple vulnerabilities,
security
- Several persistent XSS and CSRF on Wireless-G ADSL Gateway with SpeedBooster (WAG54GS),
Adrian P
- [ GLSA 200711-32 ] Feynmf: Insecure temporary file creation,
Pierre-Yves Rofes
- [ GLSA 200711-31 ] Net-SNMP: Denial of Service,
Pierre-Yves Rofes
- [ GLSA 200711-30 ] PCRE: Multiple vulnerabilities,
Pierre-Yves Rofes
- [ GLSA 200711-29 ] Samba: Execution of arbitrary code,
Pierre-Yves Rofes
- EEYE: BitDefender Online Scanner 8 Double Decode Heap Overflow,
eEye Advisories
- [ MDKSA-2007:228 ] - Updated cups packages fix vulnerabilities,
security
- [ MDKSA-2007:227 ] - Updated poppler packages fix vulnerabilities,
security
- Banks (Wellsfargo.com) using CDNs to deliver Javascript: enables password theft by anyone compromising or controlling the CDN,
joel
- [security bulletin] HPSBUX02289 SSRT071461 rev.1 - HP-UX Running BIND 8, Remote DNS Cache Poisoning,
security-alert
- [ MDKSA-2007:226 ] - Updated kernel packages fix multiple vulnerabilities and bugs,
security
- [ GLSA 200711-28 ] Perl: Buffer overflow,
Pierre-Yves Rofes
- rPSA-2007-0242-1 php5 php5-cgi php5-mysql php5-pear php5-pgsql php5-soap php5-xsl,
rPath Update Announcements
- Certificate spoofing issue with Mozilla, Konqueror, Safari 2,
Nils Toedtmann
Alcatel OmniPCX Enterprise VoIP Vulnerability,
daniel . stirnimann
Wordpress Cookie Authentication Vulnerability,
Steven J. Murdoch
Citrix NetScaler Web Management XSS,
nnposter
[Aria-Secutiy Net] Click&BaneX SQL Injection,
no-reply
[SECURITY] [DSA 1407-1] New cupsys packages fix arbitrary code execution,
Moritz Muehlenhoff
Crash in LIVE555 Media Server 2007.11.01,
Luigi Auriemma
[ GLSA 200711-22 ] Poppler, KDE: User-assisted execution of arbitrary code,
Pierre-Yves Rofes
IceBB 1.0rc6 <= Remote SQL Injection,
aeroxteam-nospam
[ MDKSA-2007:225 ] - Updated net-snmp packages fix remote denial of service vulnerability,
security
Belkin Wireless G Router DoS,
r00t
VigileCMS 1.4 Multiple Remote Vulnerabilities,
info
[ GLSA 200711-21 ] Bochs: Multiple vulnerabilities,
Pierre-Yves Rofes
[ GLSA 200711-23 ] VMware Workstation and Player: Multiple vulnerabilities,
Pierre-Yves Rofes
[ GLSA 200711-27 ] Link Grammar: User-assisted execution of arbitrary code,
Pierre-Yves Rofes
[ GLSA 200711-25 ] MySQL: Denial of Service,
Pierre-Yves Rofes
Vulnerability Hash Database - Maillist,
Sowhat
[ GLSA 200711-26 ] teTeX: Multiple vulnerabilities,
Pierre-Yves Rofes
[ GLSA 200711-24 ] Mozilla Thunderbird: Multiple vulnerabilities,
Pierre-Yves Rofes
[ECHO_ADV_84$2007] ProfileCMS <= 1.0 Remote SQL Injection Vulnerability,
erdc
[ MDKSA-2007:224 ] - Updated samba packages fix vulnerabilities,
security
[ MDKSA-2007:223 ] - Updated pdftohtml packages fix vulnerabilities,
security
[ MDKSA-2007:222 ] - Updated koffice packages fix vulnerabilities,
security
Sciurus Hosting Panel Code İnjection,
admin
security contact for mitsubishi electric?,
Chris Withers
Myspace Clone Script (index.php) Remote File Inclusion Vulnerability,
verys-secret
Black Lily 2007 (products.php class) Remote SQL Injection Vulnerability,
verys-secret
net-finity (links.php) Remote SQL Injection Vulnerability,
verys-secret
[USN-544-2] Samba regression,
Jamie Strandboge
rPSA-2007-0241-1 samba samba-swat,
rPath Update Announcements
JiRos Upload Manager SQL Injection,
no-reply
Javamail login username and password same email problem,
thetaung
AhnLab AntiVirus Remote Kernel Memory Corruption,
Sowhat
Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability,
cocoruder
[ MDKSA-2007:221 ] - Updated kdegraphics packages fix vulnerabilities in kpdf,
security
[USN-544-1] Samba vulnerabilities,
Jamie Strandboge
[RISE-2007004] Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow Vulnerability,
RISE Security
[USN-543-1] VMWare vulnerabilities,
Kees Cook
PR07-02: XSS on Liferay Portal Enterprise 4.1.1 login page ('login' parameter),
research
[ MDKSA-2007:220 ] - Updated gpdf packages fix vulnerabilities,
security
PR07-26: Persistent XSS on Aruba 800 Mobility Controller's login page,
research
[USN-542-2] KOffice vulnerabilities,
Jamie Strandboge
EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications,
eEye Advisories
[ MDKSA-2007:219 ] - Updated xpdf packages fix vulnerabilities,
security
[TKADV2007-001] Mac OS X TIOCSETD IOCTL Kernel Memory Corruption Vulnerability,
Tobias Klein
Aida-Web Information Exposure,
MC Iglo
iDefense Security Advisory 11.14.07: Apple Mac OS X AppleTalk Socket IOCTL Kernel Stack Buffer Overflow Vulnerability,
iDefense Labs
Secunia Research: Samba "reply_netbios_packet()" Buffer Overflow Vulnerability,
Secunia Research
[SAMBA] CVE-2007-5398 - Remote Code Execution in Samba's nmbd,
Gerald (Jerry) Carter
[SAMBA] CVE-2007-4572 - GETDC mailslot processing buffer overrun in nmbd,
Gerald (Jerry) Carter
[security bulletin] HPSBUX02284 SSRT071483 rev.2 - HP-UX Running Java JRE and JDK, Remote Unauthorized Access,
security-alert
Some hashes for the record,
shadown
iDefense Security Advisory 11.14.07: Apple Mac OS X Mach Port Inheritance Privilege Escalation Vulnerability,
iDefense Labs
iDefense Security Advisory 11.14.07: Apple Mac OS X AppleTalk ASP Message Kernel Heap Overflow Vulnerability,
iDefense Labs
iDefense Security Advisory 11.14.07: Apple Mac OS X AppleTalk mbuf Kernel Heap Overflow Vulnerability,
iDefense Labs
[ GLSA 200711-20 ] Pioneers: Denial of Service,
Pierre-Yves Rofes
Breaking RSA: Totient indirect factorization,
gandlf
[ GLSA 200711-19 ] TikiWiki: Multiple vulnerabilities,
Pierre-Yves Rofes
[ GLSA 200711-18 ] Cpio: Buffer overflow,
Pierre-Yves Rofes
TPTI-07-20: Apple Quicktime Movie Stack Overflow Vulnerability,
DVLabs
[ GLSA 200711-17 ] Ruby on Rails: Multiple vulnerabilities,
Pierre-Yves Rofes
[security bulletin] HPSBMA02288 SSRT071465 rev.1 - HP OpenView Operations (OVO) Running on HP-UX and Solaris, Remote Unauthorized Access, Denial of Service (DoS),
security-alert
[ MDKSA-2007:218 ] - Updated mono packages fix arbitrary code execution vulnerability,
security
Six Remote Memory Corruption Vulnerabilities in IBM WebSphere MQ 6.0,
IRM Research
Konqueror Remote Denial Of Service,
laurent . gaffie
DocuSafe "Search" SQL Injection,
No-Reply
Free Forums "search" Sql Injection,
No-Reply
[USN-542-1] poppler vulnerabilities,
Kees Cook
Predictable DNS transaction IDs in Microsoft DNS Server,
Alla Bezroutchko
Aria-Security.Net: MetaCart SQL Injection,
No-Reply
ExoPHPdesk user profile XSS / profile SQL injection,
Joseph . giron13
[USN-541-1] Emacs vulnerability,
Kees Cook
[ MDKSA-2007:217 ] - Updated libpng packages fix multiple vulnerabilities,
security
iDefense Security Advisory 11.12.07: Novell NetWare Client Local Privilege Escalation Vulnerability,
iDefense Labs
[USN-540-1] flac vulnerability,
Kees Cook
Oracle 11g/10g Installation Vulnerability,
David Litchfield
PHP <= 5.2.5 Gettext Lib Multiple Denial of service,
laurent . gaffie
PHP <= 5.2.5 stream_wrapper_register() denial of service,
laurent . gaffie
After 6 months - fix available for Microsoft DNS cache poisoning attack,
Amit Klein
[ MDKSA-2007:216 ] - Updated kernel packages fix multiple vulnerabilities and bugs,
security
Re: Bosdev Multiple vulnerabilities,
sales
ATC-08 Call for papers (repost),
atc08
[ISecAuditors Security Advisories] VTLS.web.gateway cgi is vulnerable to XSS,
ISecAuditors Security Advisories
PR07-13: Cross-site Scripting / HTML injection on F5 FirePass 4100 SSL VPN 'download_plugin.php3' server-side script,
research
[ GLSA 200711-16 ] CUPS: Memory corruption,
Pierre-Yves Rofes
[ MDKSA-2007:204-1 ] - Updated cups packages fix vulnerability,
security
[ GLSA 200711-15 ] FLAC: Buffer overflow,
Pierre-Yves Rofes
[ GLSA 200711-14 ] Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities,
Pierre-Yves Rofes
AutoIndex <= 2.2.2 Cross Site Scripting and Denial of Service,
L4teral
HPSBUX02287 SSRT071485 rev.1 - HP-UX Running HP Secure Shell, Remotely Gain Extended Privileges,
security-alert
RFID: Security Briefings,
angelo
Cisco IOS Shellcode,
Research
FLEA-2007-0067-1 pidgin,
Foresight Linux Essential Announcement Service
Alice - dns spoofer,
fabio
FLEA-2007-0065-1 libpng,
Foresight Linux Essential Announcement Service
FLEA-2007-0069-1 perl,
Foresight Linux Essential Announcement Service
iDefense Security Advisory 11.12.07: WinPcap NPF.SYS bpf_filter_init Arbitrary Array Indexing Vulnerability,
iDefense Labs
FLEA-2007-0064-1 pcre,
Foresight Linux Essential Announcement Service
FLEA-2007-0068-1 ruby,
Foresight Linux Essential Announcement Service
FLEA-2007-0063-1 perl,
Foresight Linux Essential Announcement Service
PHP-Nuke Module Advertising Blind SQL Injection,
Guns
CVE-2007-3694: Cross site scripting (XSS) in broadcast machine,
Hanno Böck
PeopleAggregatory security advisory - re CVE-2007-5631,
phil
Standing Up Against German Laws - Project HayNeedle,
Paul Sebastian Ziegler
- Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle,
Jan Newger
- Re: Standing Up Against German Laws - Project HayNeedle,
johan beisser
- Re: Standing Up Against German Laws - Project HayNeedle,
Matt D. Harris
- Re: Standing Up Against German Laws - Project HayNeedle,
johan beisser
- Re: Standing Up Against German Laws - Project HayNeedle,
Florian Echtler
- Re: Standing Up Against German Laws - Project HayNeedle,
Paul Wouters
- Re: Standing Up Against German Laws - Project HayNeedle,
johan beisser
- Re: Standing Up Against German Laws - Project HayNeedle,
Valdis . Kletnieks
- Re: Standing Up Against German Laws - Project HayNeedle,
Frank Guthausen
- Re: Standing Up Against German Laws - Project HayNeedle,
Stefano Zanero
- Re: Standing Up Against German Laws - Project HayNeedle,
Raj Mathur
- Re: Standing Up Against German Laws - Project HayNeedle,
imipak
- RE: Standing Up Against German Laws - Project HayNeedle,
Quark IT - Hilton Travis
Re: Re: Simple Machine Forum - Private section/posts/info disclosure,
rx
Oracle 0-day to get SYSDBA access,
pete
FLEA-2007-0066-1 ImageMagick,
Foresight Linux Essential Announcement Service
Eggblog v3.1.0 XSS Vulnerability,
mesut
[SECURITY] [DSA 1405-2] New zope-cmfplone packages fix regression,
Thijs Kinkhorst
Aria-Security.Net Research: Rapid Classified HotList Image,
Advisory
[48Bits Advisory] QuickTime Panorama Sample Atom Heap Overflow,
[48bits] vulndev
iDefense Security Advisory 11.09.07: AOL AmpX ActiveX Control Multiple Buffer Overflow Vulnerabilities,
iDefense Labs
[SECURITY] [DSA 1406-1] New horde3 packages fix several vulnerabilities,
Thijs Kinkhorst
iDefense Security Advisory 11.09.07: IBM Informix Dynamic Server DBLANG Directory Traversal Vulnerability,
iDefense Labs
SQL injection bug found in TBSource.,
drakomo
[SECURITY] [DSA 1405-1] New zope-cmfplone packages fix arbitrary code execution,
Thijs Kinkhorst
xoops mylinks module - sql injection,
root
li-guestbook sql inj,
abc . seo
[ MDKSA-2007:215 ] - Updated openldap packages fix vulnerability,
security
CanSecWest 2008 CFP (deadline Nov 30, conf Mar 26-28) and PacSec Dojo's,
Dragos Ruiu
[ MDKSA-2007:214 ] - Updated flac packages fix vulnerability,
security
[SECURITY] [DSA 1403-1] New phpmyadmin packages fix cross-site scripting,
Thijs Kinkhorst
[SECURITY] [DSA 1404-1] New gallery2 packages fix privilege escalation,
Thijs Kinkhorst
AST-2007-024 - Fallacious security advisory spread on the Internet involving buffer overflow in Zaptel's sethdlc application,
The Asterisk Development Team
[ MDKSA-2007:212 ] - Updated pcre packages fix vulnerability,
security
[ MDKSA-2007:213 ] - Updated pcre packages fix vulnerability,
security
Aria-Security.Net Research: Lotfian BROCHURE Management System,
Advisory
[ MDKSA-2007:211 ] - Updated pcre packages fix vulnerability,
security
[ GLSA 200711-13 ] 3proxy: Denial of Service,
Pierre-Yves Rofes
[security bulletin] HPSBUX02285 SSRT071484 rev.1 - HP-UX Running Aries PA Emulator, Local Unauthorized Access,
security-alert
[ GLSA 200711-12 ] Tomboy: User-assisted execution of arbitrary code,
Pierre-Yves Rofes
[ GLSA 200711-11 ] Nagios Plugins: Two buffer overflows,
Pierre-Yves Rofes
[OpenPKG-SA-2007.023] OpenPKG Security Advisory (perl),
OpenPKG GmbH
Simple Machine Forum - Private section/posts/info disclosure,
h3llcode
Aria-Security.Net Research: Request For Travel Sql Injection,
Advisory
[ GLSA 200711-10 ] Mono: Buffer overflow,
Pierre-Yves Rofes
[ GLSA 200711-09 ] MadWifi: Denial of Service,
Pierre-Yves Rofes
iDefense Security Advisory 11.07.07: Oracle 10g R2 PITRIG_DROPMETADATA Buffer Overflow Vulnerability,
iDefense Labs
[SECURITY] [DSA 1402-1] New gforge packages fix several vulnerabilities,
Steve Kemp
[ GLSA 200711-08 ] libpng: Multiple Denials of Service,
Pierre-Yves Rofes
[ GLSA 200711-07 ] Python: User-assisted execution of arbitrary code,
Pierre-Yves Rofes
[ GLSA 200711-06 ] Apache: Multiple vulnerabilities,
Pierre-Yves Rofes
Secunia Research: Xpdf "Stream.cc" Multiple Vulnerabilities,
Secunia Research
Secunia Research: AbiWord Link Grammar "separate_sentence()" Buffer Overflow,
Secunia Research
Secunia Research: Link Grammar "separate_sentence()" Buffer Overflow,
Secunia Research
SiteMinder Agent: Cross Site Scripting,
Giuseppe Gottardi
[ GLSA 200711-05 ] SiteBar: Multiple issues,
Pierre-Yves Rofes
[ MDKSA-2007:210 ] - Updated xfs package prevents arbitrary code execution vulnerabilities,
security
[ GLSA 200711-04 ] Evolution: User-assisted remote execution of arbitrary code,
Pierre-Yves Rofes
[SECURITY] [DSA 1400-1] New perl packages fix arbitrary code execution,
Florian Weimer
MyWebFTP Password Disclosure,
[NO-REPLY]
iDefense Security Advisory 11.06.07: Microsoft DebugView Privilege Escalation Vulnerability,
iDefense Labs
rPSA-2007-0231-1 pcre,
rPath Update Announcements
PhpNuke (add-on) MS TopSites Edit Exploit And Html Injection,
Guns
Cypress BX script backdoored?,
Chris
IDMOS v1.0 Alpha Multiple RFI Vulnerability,
Guns
SMF .htaccess bypass,
h3llcode
[CVE-2007-5741] Plone: statusmessages and linkintegrity unsafe network data hotfix,
mj
[ MDKSA-2007:209 ] - Updated netpbm packages fix vulnerability,
security
[USN-539-1] CUPS vulnerability,
Kees Cook
rPSA-2007-0232-1 perl,
rPath Update Announcements
[ MDKSA-2007:208 ] - Updated ghostscript packages fix vulnerability,
security
[ MDKSA-2007:207 ] - Updated perl packages fix vulnerability,
security
[SECURITY] [DSA 1401-1] New iceape packages fix several vulnerabilities,
Moritz Muehlenhoff
ZDI-07-067: Apple QuickTime PICT File Poly Opcodes Heap Corruption Vulnerability,
zdi-disclosures
ZDI-07-068: Apple QuickTime Uncompressedfile Opcode Stack Overflow Vulnerability,
zdi-disclosures
ZDI-07-065: Apple QuickTime Color Table RGB Parsing Heap Corruption Vulnerability,
zdi-disclosures
ZDI-07-066: Apple Quicktime PICT File PackBitsRgn Parsing Heap Corruption Vulnerability,
zdi-disclosures
iDefense Security Advisory 11.05.07: Apple QuickTime Panorama Sample Atom Heap Buffer Overflow Vulnerability,
iDefense Labs
[SECURITY] [DSA 1399-1] New pcre3 packages fix arbitrary code execution,
Florian Weimer
Leopard's firewall damages Skype and WoW,
Juergen Schmidt
iDefense Security Advisory 11.02.07: Sun Microsystems Solaris srsexec Format String Vulnerability,
iDefense Labs
[Tool] sqlmap: a blind SQL injection tool (release 0.5),
Bernardo Damele
[SECURITY] [DSA 1398-1] New perdition packages fix arbitrary code execution,
Noah Meyerhans
JBC Explorer <= V7.20 RC 1 Remote Code Execution Exploit,
gmdarkfig
Skalinks <= 1_5 Cross Site Request Forgery Add Admin,
djvincy
[SECURITY] [DSA 1397-1] New mono packages fix integer overflow,
Moritz Muehlenhoff
[ MDKSA-2007:206 ] - Updated pwlib packages fix vulnerability,
security
phphelpdesk Multiple vulnerabilities,
Joseph . giron13
DoS Exploit for DHCPd bug (Bugtraq ID 25984 ; CVE-2007-5365),
Roman Medina-Heigl Hernandez
[ MDKSA-2007:205 ] - Updated opal packages fix vulnerability,
security
[ GLSA 200711-02 ] OpenSSH: Security bypass,
Pierre-Yves Rofes
[UPH-07-01] Firefly Media Server DoS,
nnp
[UPH-07-02] Firefly Media Server DoS,
nnp
[UPH-07-03] Firefly Media Server remote format string vulnerability,
nnp
Re: [botnets] re MAC trojan (fwd),
Gadi Evron
[USN-537-2] Compiz vulnerability,
Kees Cook
Scribe <= 2.0 Remote PHP Code Execution,
kingoftheworld92
Secunia Research: ACDSee Products Image and Archive Plug-ins Buffer Overflows,
Secunia Research
[ GLSA 200711-03 ] Gallery: Multiple vulnerabilities,
Pierre-Yves Rofes
IM upgrade automated social engineering attack,
Dragos Ruiu
[ GLSA 200711-01 ] gFTP: Multiple vulnerabilities,
Pierre-Yves Rofes
[ MDKSA-2007:204 ] - Updated cups packages fix vulnerability,
security
[ MDKSA-2007:203 ] - Updated xen packages fix multiple vulnerabilities,
security
Re: Airkiosk/formlib application is XSS vuln,
Raymond Pete
Two XSS on Blue Coat ProxySG Management Console,
research
Cryptome: NSA has access to Windows Mobile smartphones,
Juha-Matti Laurio
ZDI-07-063: RealPlayer RA Field Size File Processing Heap Oveflow Vulnerability,
zdi-disclosures
ZDI-07-062: RealNetworks RealPlayer PLS File Memory Corruption Vulnerability,
zdi-disclosures
SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALL SSL-VPN Client,
Bernhard Mueller
mac trojan in-the-wild,
Gadi Evron
- Re: [Full-disclosure] mac trojan in-the-wild,
Peter Besenbruch
Possible follow-ups:
- RE: mac trojan in-the-wild,
Memisyazici, Aras
(tool announce) Orizon v0.50 announce,
Paolo Perego
ZDI-07-061: RealNetworks RealPlayer SWF Processing Remote Code Execution Vulnerability,
zdi-disclosures
ZDI-07-064: Novell Client Trust Heap Overflow Vulnerability,
zdi-disclosures
ZDI-07-060: HP OpenView Radia Integration Server File System Exposure Vulnerability,
zdi-disclosures
sBlog 0.7.3 Beta Cross Site Request Forgery,
Guns
ZDI-07-059: Verity KeyView SDK Multiple File Format Parsing Vulnerabilities,
zdi-disclosures
Re: Comments re ISC's announcement on bind9 security,
Henrik Langos
CFP: International workshop on Secure Software Engineering - Deadline extended!,
secse08
Synergiser <= 1.2 RC1 Local File Inclusion & Full path disclosure,
kingoftheworld92
ZDI-07-058: Oracle E-Business Suite SQL Injection Vulnerability,
zdi-disclosures
